[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3RhLkSYUonXK_VrjA-njkvO_pfLW6oRnsVr9dY8Qk9s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":54,"analysis":162,"fingerprints":210},"block-referer-spam","Block Referer Spam","1.1.9.5","supersoju","https:\u002F\u002Fprofiles.wordpress.org\u002Fsupersoju\u002F","\u003Cp>\u003Cstrong>Block Referer Spam\u003C\u002Fstrong> aims at blocking all (or most) websites that use Referer Spam to promote their – often somewhat dodgy – website content. This is accomplished by bots that simulate human behavior. They do this so well, that they even show up in \u003Cstrong>Google Analytics\u003C\u002Fstrong>. This plugin does not require any special configuration after installation. Once active and auto-update is enabled, you will barely see any of those nasty spammers any more.\u003C\u002Fp>\n\u003Cp>From \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FReferer_spam\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Referrer spam (also known as log spam or referrer\nbombing) is a kind of spamdexing (spamming aimed\nat search engines). The technique involves making\nrepeated web site requests using a fake referer URL\nto the site the spammer wishes to advertise. Sites that\npublish their access logs, including referer statistics,\nwill then inadvertently link back to the spammer's site.\nThese links will be indexed by search engines\nas they crawl the access logs.\n\nThis benefits the spammer because the free link improves\nthe spammer site's search engine ranking owing\nto link-counting algorithms that search engines use.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic or manual updates of referer spam list\u003C\u002Fli>\n\u003Cli>Option of adding custom referer spam hosts\u003C\u002Fli>\n\u003Cli>Two methods of blocking: mod_rewrite or WordPress based\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Pro plans start at only $2\u002Fmo. Visit \u003Ca href=\"https:\u002F\u002Fblockreferspam.com\" rel=\"nofollow ugc\">BlockReferSpam.com\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic syncing your of custom block lists across all of your sites\u003C\u002Fli>\n\u003Cli>Additional curated block lists\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Examples Blocked\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>semalt\u003C\u002Fli>\n\u003Cli>buttons-for-website\u003C\u002Fli>\n\u003Cli>floating-share-buttons\u003C\u002Fli>\n\u003Cli>4webmaster\u003C\u002Fli>\n\u003Cli>ilovevitaly\u003C\u002Fli>\n\u003Cli>… and many more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you think you found a bug in Referer Spam Blocker, please contact us! Further, if you want to contribute, feel free!\u003C\u002Fp>\n\u003Cp>Anything else, please get in touch!\u003C\u002Fp>\n\u003Cp>support \u002F supersoju.com\u003C\u002Fp>\n\u003Cp>Cover photo by \u003Ca href=\"https:\u002F\u002Funsplash.com\u002F@lukasbudimaier\" rel=\"nofollow ugc\">Lukas Budimaier\u003C\u002Fa>\u003C\u002Fp>\n","Blocks referer\u002Freferral spam from accessing your site and cleans up your Google Analytics in the process!",600,24926,68,21,"2023-05-04T16:25:00.000Z","6.2.9","3.0.2","",[20,21,22,23,24],"buttons-for-website","floating-share-buttons","referer","semalt","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-referer-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-referer-spam.1.1.9.5.zip",85,1,0,"2023-05-09 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-32497","block-referer-spam-authenticated-administrator-stored-cross-site-scripting","Block Referer Spam \u003C= 1.1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Block Referer Spam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.1.9.4","low",3.3,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffd97fba9-513b-46e1-9613-2f64c4272f34?source=api-prod",259,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},2,620,93,74,"2026-04-03T23:31:16.886Z",[55,77,100,118,143],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":75,"download_link":76,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"gm-block-bots","GM Block Bots","2.0.2","mickmel","https:\u002F\u002Fprofiles.wordpress.org\u002Fmickmel\u002F","\u003Cp>This blocks semalt.com, buttons-for-website.com and others with a 403 Forbidden message so that they no longer show up in your Google Analytics stats. This won’t block ghost referrals (no plugin can do that), but \u003Ca href=\"http:\u002F\u002Fwww.greenmellenmedia.com\u002Fblocking-ghost-referrals-in-google-analytics\u002F\" rel=\"nofollow ugc\">this short video\u003C\u002Fa> will walk you through that process in Google Analytics.\u003C\u002Fp>\n\u003Cp>Once installed, this plugin will run automatically in the background; there is no options panel or anything to see in your dashboard.\u003C\u002Fp>\n\u003Cp>Other sites will be added to the block list over time via updates to this plugin.\u003C\u002Fp>\n\u003Cp>For more information, visit us at \u003Ca href=\"http:\u002F\u002Fwww.greenmellenmedia.com\" rel=\"nofollow ugc\">GreenMellenMedia.com\u003C\u002Fa> or find us on Twitter \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fgreenmellen\" rel=\"nofollow ugc\">@GreenMellen\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Current list of blocked bots: All sites ending in .xyz, 100dollars-seo.com, 4webmasters.org, 7makemoneyonline.com, adviceforum.info, aliexpress.com, amazonaws.com, anticrawler.org, avtlg.ru, bashtel.ru, best-seo-offer.com, best-seo-solution.com, bestsub.com, bestwebsitesawards.com, blackhatworth.com, burger-imperia.com, buttons-for-website.com, buttons-for-your-website.com, buy-cheap-online.info, chinese-amezon.com, clicksor.com, copyrightclaims.org, corbina.ru, cpty.com, darodar.com, depositfiles-porn.ga, domination.ml, e-buyeasy.com, ebin.cc, econom.co, erot.co, ertelecom.ru, event-tracking.com, fix-website-errors.com, free-floating-buttons.com, floating-share-buttons.com, free-share-buttons.com, free-share-buttons.top, free-social-buttons.com, free-video-tool.com, get-free-social-traffic.com, get-free-traffic-now.com, ɢoogle.com, googlsucks.com, guardlink.com, guardlink.org, hol.es, hongfanji.com, how-to-earn-quick-money.com, howtostopreferralspam.eu, hulfingtonpost.com, hvd-store.com, ilovevitaly.*, is74.ru, kabbalah-red-bracelets.com, kambasoft.com, kes.ru, keywords-monitoring-your-success.com, lifehacĸer.com, magicdiet.gq, makemoneyonline.com, monetizationking.net, mts.ru, mts-nn.ru, nationalcablenetworks.ru, netbynet.ru, o-o-6-o-o.com, pizza-tycoon.com, pogodnyyeavarii.gq, pornhub-forum.ga, priceg.com, qualitymarketzone.com, rank-checker.online, ranking2017.ga, rankings-analytics.com, rankscanner.com, ranksonic.org\u002Finfo, sanjosestartups.com, sashagreyblog.ga, savetubevideo.com, search.myway.com, search.tb.ask.com, semalt.com, seo-platform.com, sexyali.com, simple-share-buttons.com, site-16528012-1.snip.tw, site-auditor.online, sitequest.ru, snip.to, social-buttons-*, social-s-*, success-seo.com, theguardlan.com, top1-seo-service.com, torture.ml, traffic2money.com, trafficmonetizer.net, uni.me, uptime.com, video–production.com, videos-for-your-business.com, webmonetizer.net, website-analyzer.info, works.if.ua, wow.com, youporn-forum.ga, yourserverisdown.com\u003C\u002Fp>\n","This blocks semalt.com, buttons-for-website.com and others with a 403 Forbidden message so that they no longer show up in your Google Analytics stats.",900,75414,88,16,"2017-11-28T19:19:00.000Z","4.7.32","3.0",[71,72,73,74,23],"botnet","bots","buttons-for-websites","darodar","http:\u002F\u002Fwww.greenmellenmedia.com\u002Fplugins\u002Fgm-block-bots\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgm-block-bots.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":98,"download_link":99,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-block-referral-spam","Block Referral Spam","1.2.1","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">WPDeveloper.net\u003C\u002Fa> brings ‘Block Referral Spam’ for all WordPress user for free.\u003C\u002Fp>\n\u003Cp>This plugins blocks the most number of Referral Spams. Now no more notice from Google and no more weird report in Google Analytics.\u003C\u002Fp>\n\u003Cp>Its super simple to use, nothing to setup, just install and activate the plugin, we will protect from 375+ separate domain (thanks to the user contribution) that spam your Google Analytics. This domain list is always increasing and biggest list available online.\u003C\u002Fp>\n\u003Cp>You could give feedback to us directly, and suggest new spam domain, \u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Fgo\u002FBRS-UO\" rel=\"nofollow ugc\">click here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here is our \u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Fgo\u002FBlog-BRS-A1\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>, on how to get Top Referrer right from your WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Other Plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-analytify\u002F\" rel=\"ugc\">Analytify – Ultimate Google Analytics Dashboard\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwitter-cards-meta\u002F\" rel=\"ugc\">Twitter Cards Meta\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Ffree-plugin\u002Fwp-scheduled-posts\u002F\" rel=\"nofollow ugc\">WP Scheduled Posts\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffacebook-secret-meta\u002F\" rel=\"ugc\">Facebook Secret Meta\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-author-report-free\u002F\" rel=\"ugc\">WP Author Report Free\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Contribute in GitHub!!\u003C\u002Fstrong>\u003Cbr \u002F>\n  Contribute in GitHub. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FARCommunications\u002FBlock-Referral-Spam\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>This plugin is a great example of OpenSource community. Pull request are very welcome and usually accepted within 24hr. Together we fight with evil spam bot.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Don’t get confused with the term \u003Cem>Referrer Spam\u003C\u002Fem> or \u003Cem>Referral Spam\u003C\u002Fem> or \u003Cem>Referer Spam\u003C\u002Fem>. Google basically calls it \u003Cem>Referral Traffic\u003C\u002Fem>. It’s all mean the same thing.\u003C\u002Fp>\n\u003Ch3>Donation\u003C\u002Fh3>\n\u003Cp>You could use our free & pro plugins fro link below.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwpdeveloper.net\u002F\u003C\u002Fp>\n","This plugins blocks maximum Referral Spams. Now no more notice from Google and no more weird report in Google Analytics.",300,9296,82,9,"2017-06-08T21:58:00.000Z","4.8.28","2.5.0",[93,94,95,96,97],"google-analytics-referral-spam","referer-spam","referral-spam","referral-traffic","referrer-spam","https:\u002F\u002Fwpdeveloper.net\u002Ffree-plugin\u002Fblock-referral-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-block-referral-spam.1.2.1.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":49,"last_updated":18,"tested_up_to":18,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":18,"download_link":115,"security_score":116,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":117},"referer-spam-blocker","Referer Spam Blocker","0.4","WP Maintainer","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmaintainer\u002F","\u003Cp>Referer spam has been growing and clogging up website analytics data (such as Google Analytics) with fraudulent traffic statistics. Millions of users are reporting issues and it has become a major nuisance.\u003C\u002Fp>\n\u003Cp>Block these malicious sites easily. All major referer spam domains blocked out of the box and you can customize the domain keyword lists to block any domains you wish. Brought to you by the team of WordPress experts at WP Maintainer.\u003C\u002Fp>\n","Block\u002Fblacklist known (and custom) spam referring domains at the WordPress level with an HTTP 403 Forbidden page.",80,3397,60,"4.2",[113,114,22,94,24],"block","domain","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freferer-spam-blocker.zip",100,"2026-03-15T10:48:56.248Z",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":139,"download_link":140,"security_score":141,"vuln_count":49,"unpatched_count":29,"last_vuln_date":142,"fetched_at":31},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,94,1173,"2025-11-12T16:31:00.000Z","6.9.4","5.8","7.2",[135,136,137,138,24],"anti-spam","antispam","comments","contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,"2015-10-13 00:00:00",{"slug":144,"name":145,"version":146,"author":81,"author_profile":82,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":128,"num_ratings":151,"last_updated":152,"tested_up_to":131,"requires_at_least":153,"requires_php":121,"tags":154,"homepage":159,"download_link":160,"security_score":141,"vuln_count":28,"unpatched_count":29,"last_vuln_date":161,"fetched_at":31},"disable-comments","Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]","2.6.2","\u003Ch4>Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]\u003C\u002Fh4>\n\u003Cp>Enable\u002FDisable comments on any WordPress content (Pages, Posts, or Media) to stop spammers. WP-CLI, XML-RPC & REST-API support to stop spam comments.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">More About Plugin\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEpuYs9Nf_nY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Take Global Control Over Your WordPress Site\u003C\u002Fh3>\n\u003Cp>Override all comments-related settings throughout your website & manage your comments just the way you want.\u003C\u002Fp>\n\u003Ch3>Disable Comments On Posts, Pages & Media\u003C\u002Fh3>\n\u003Cp>Choose which posts, pages or media should allow comments from site visitors & configure Disable Comments accordingly\u003C\u002Fp>\n\u003Ch3>Disallow Comments On Multi-Site Network\u003C\u002Fh3>\n\u003Cp>Have multiple websites? Get rid of irrelevant comments on the entire network using Disable Comments Plugin\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJ9AteKzQpPs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>KEY FEATURES OF DISABLE COMMENTS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All “Comments” links are hidden from the Admin Menu and Admin Bar.\u003C\u002Fli>\n\u003Cli>All comment-related sections (“Recent Comments”, “Discussion” etc.) are hidden from the WordPress Dashboard.\u003C\u002Fli>\n\u003Cli>All comment-related widgets are disabled (so your theme cannot use them).\u003C\u002Fli>\n\u003Cli>The “Discussion” settings page is hidden.\u003C\u002Fli>\n\u003Cli>All comment RSS\u002FAtom feeds are disabled (and requests for these will be redirected to the parent post).\u003C\u002Fli>\n\u003Cli>The X-Pingback HTTP header is removed from all pages.\u003C\u002Fli>\n\u003Cli>Outgoing pingbacks are disabled.\u003C\u002Fli>\n\u003Cli>Stop spam comments entirely from the site with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Delete comments by type.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Disable comments via \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-xml-rpc\u002F\" rel=\"nofollow ugc\">XML-RPC\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-rest-api\u002F\" rel=\"nofollow ugc\">REST-API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Fully Multi-site Network supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Manage multiple website network-specific subsites or entire network comments in advance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Exclude Disable Comments Settings based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFBq3-W-p-DM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Please delete any existing comments on your site \u003Cstrong>before applying this setting\u003C\u002Fstrong>, otherwise (depending on your theme) those comments may still be displayed to visitors. You can use the \u003Cstrong>Delete Comments tool\u003C\u002Fstrong> to delete any existing comments on your site.\u003C\u002Fp>\n\u003Ch3>🌟 WHAT’S NEW WITH DISABLE COMMENTS 2.0\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>AMAZING USER FRIENDLY INTERFACE\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily configure your comment-related settings with an amazing and attractive app-like user interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WP-CLI COMMANDS TO DISABLE COMMENTS\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-use-disable-comments-plugin-with-wp-cli-command-line\u002F\" rel=\"nofollow ugc\">WP-CLI\u003C\u002Fa> control for comment-related settings to disable comments on posts, pages, attachments or everywhere on your website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fmzi5uhKB9Zk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GET STARTED WITH QUICK SETUP WIZARD\u003C\u002Fstrong>\u003Cbr \u002F>\nUse the quick setup wizard after activating the plugin to instantly configure comment-related settings for your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS ON DOCS\u003C\u002Fstrong>\u003Cbr \u002F>\nInstantly disable comments on your documentation pages or WordPress knowledge base with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ft7BQ-7A4y4s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DELETE CERTAIN COMMENT TYPE(S)\u003C\u002Fstrong>\u003Cbr \u002F>\nPermanently delete certain comment types from your WordPress website including WooCommerce product reviews as well as generic comments.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIzm_ihC-z10?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS VIA XML-RPC And REST API\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock any comments made on your WordPress website via XML-RPC specification and REST API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important note\u003C\u002Fstrong>: Use this plugin if you don’t want comments at all on your site (or on certain post types). Don’t use it if you want to selectively disable comments on individual posts – WordPress lets you do that anyway. If you don’t know how to disable comments on individual posts, there are instructions in \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">the FAQ\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you come across any bugs or have suggestions, please use the plugin support forum. I can’t fix it if I don’t know it’s broken! Please check the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fstrong> for common issues.\u003C\u002Fp>\n\u003Cp>Want to contribute? Here’s the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments\" rel=\"nofollow ugc\">GitHub development repository\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments-mu\" rel=\"nofollow ugc\">must-use version\u003C\u002Fa> of the plugin is also available.\u003C\u002Fp>\n\u003Ch3>Advanced Configuration\u003C\u002Fh3>\n\u003Cp>Some of the plugin’s behavior can be modified by site administrators and plugin\u002Ftheme developers through code:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_REMOVE_COMMENTS_TEMPLATE\u003C\u002Fcode> and set it to \u003Ccode>false\u003C\u002Fcode> to prevent the plugin from replacing the theme’s comment template with an empty one.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_ALLOW_DISCUSSION_SETTINGS\u003C\u002Fcode> and set it to \u003Ccode>true\u003C\u002Fcode> to prevent the plugin from hiding the Discussion settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These definitions can be made either in your main \u003Ccode>wp-config.php\u003C\u002Fcode> or in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>THIS PLUGIN IS NOW MAINTAINED BY THE TEAM\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>💙 LOVED DISABLE COMMENTS?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>For documentation and tutorials go to our \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For video tutorials go to our \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=J9AteKzQpPs&list=PLWHp1xKHCfxD2_xOIR5dMAGf3wd4hv-8K\" rel=\"nofollow ugc\">YouTube Playlist\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you love Disable Comments, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002Freviews\u002F?filter=5\" rel=\"ugc\">rate us on WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For more information about features, FAQs, and documentation, check out our website at \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Disable Comments\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 GET FREEBIES FOR YOUR WORDPRESS SITE\u003C\u002Fh3>\n\u003Cp>Consider checking out our other WordPress solutions & boost your WordPress website:\u003C\u002Fp>\n\u003Cp>🔝 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fessential-addons-for-elementor-lite\u002F\" rel=\"ugc\">Essential Addons For Elementor\u003C\u002Fa>: Most popular Elementor addons with 2 million+ happy users & 95+ widgets & ready blocks\u003C\u002Fp>\n\u003Cp>🔔 \u003Ca href=\"https:\u002F\u002Fnotificationx.com\u002F\" rel=\"nofollow ugc\">NotificationX\u003C\u002Fa> – Best Social Proof & FOMO Marketing Solution to increase conversion rates.\u003C\u002Fp>\n\u003Cp>🔗 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterlinks\u002F\" rel=\"ugc\">BetterLinks\u003C\u002Fa>: Latest best WordPress link management plugin for link shortening, tracking & analyzing.\u003C\u002Fp>\n\u003Cp>📄 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembedpress\u002F\" rel=\"ugc\">EmbedPress\u003C\u002Fa>: EmbedPress lets you embed anything including videos, images, posts, audio, maps and upload PDF, DOC, PPT etc.\u003C\u002Fp>\n\u003Cp>☁ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemplately\u002F\" rel=\"ugc\">Templately\u003C\u002Fa>: 6000+ Free templates library for Elementor & Gutenberg along with the cloud collaboration for WordPress.\u003C\u002Fp>\n\u003Cp>📚 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterdocs\u002F\" rel=\"ugc\">BetterDocs\u003C\u002Fa>: Best Documentation & Knowledge Base Plugin for WordPress reduce manual support tickets & improve user experience.\u003C\u002Fp>\n\u003Cp>⏰ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scheduled-posts\u002F\" rel=\"ugc\">SchedulePress\u003C\u002Fa>: Advanced editorial calendar with WordPress Post Scheduling, Social Sharing, Missed scheduled alerts, and more.\u003C\u002Fp>\n\u003Cp>⚡ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fflexia\u002F\" rel=\"ugc\">Flexia\u003C\u002Fa>: Most lightweight, customizable & multi purpose theme for WordPress.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa> to learn more about how to do better in WordPress with \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fblog\" rel=\"nofollow ugc\">Help Tutorial, Tips & Tricks\u003C\u002Fa>.\u003C\u002Fp>\n","Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.",1000000,31676190,276,"2026-01-20T08:14:00.000Z","5.0",[155,144,156,157,158],"delete-comments","remove-comments","spam-protection","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-comments.2.6.2.zip","2014-08-01 00:00:00",{"attackSurface":163,"codeSignals":169,"taintFlows":200,"riskAssessment":201,"analyzedAt":209},{"hooks":164,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":29,"unprotectedCount":29},[],[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":199},[],{"prepared":29,"raw":29,"locations":172},[],{"escaped":174,"rawEcho":175,"locations":176},6,10,[177,181,183,185,187,189,191,193,195,197],{"file":178,"line":179,"context":180},"admin\\blocked-list.php",24,"raw output",{"file":178,"line":182,"context":180},25,{"file":178,"line":184,"context":180},44,{"file":178,"line":186,"context":180},45,{"file":188,"line":182,"context":180},"admin\\dashboard.php",{"file":188,"line":190,"context":180},26,{"file":188,"line":192,"context":180},66,{"file":188,"line":194,"context":180},145,{"file":188,"line":196,"context":180},158,{"file":188,"line":198,"context":180},159,[],[],{"summary":202,"deductions":203},"The \"block-referer-spam\" plugin exhibits a mixed security posture. On the positive side, static analysis reveals a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common sources of vulnerabilities.  However, a significant concern lies in the output escaping, with a concerning 38% of outputs not being properly escaped. This could leave the plugin susceptible to cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted without adequate sanitization.\n\nThe vulnerability history indicates a past XSS vulnerability from 2023, which aligns with the potential risk posed by the unescaped outputs. While there are no currently unpatched CVEs, the presence of past vulnerabilities, especially of the XSS type, coupled with the current code signals of poor output escaping, suggests a recurring area of weakness that needs attention. The lack of any taint flows or critical severity issues in the taint analysis is a positive sign, but it does not negate the risks associated with output escaping.\n\nIn conclusion, while the plugin has a well-defined and limited attack surface with good practices around SQL and external requests, the insufficient output escaping presents a tangible risk. The plugin's history of XSS vulnerabilities reinforces the need for developers to prioritize proper sanitization of all outputs to prevent potential exploitation.",[204,206],{"reason":205,"points":174},"Insufficient output escaping",{"reason":207,"points":208},"Past XSS vulnerability history",4,"2026-03-16T19:31:02.065Z",{"wat":211,"direct":226},{"assetPaths":212,"generatorPatterns":218,"scriptPaths":219,"versionParams":220},[213,214,215,216,217],"\u002Fwp-content\u002Fplugins\u002Fblock-referer-spam\u002Fadmin\u002Fjs\u002Fdashboard.js","\u002Fwp-content\u002Fplugins\u002Fblock-referer-spam\u002Fadmin\u002Fcss\u002Fdashboard.css","\u002Fwp-content\u002Fplugins\u002Fblock-referer-spam\u002Fadmin\u002Fjs\u002Fblocked-list.js","\u002Fwp-content\u002Fplugins\u002Fblock-referer-spam\u002Fadmin\u002Fcss\u002Fblocked-list.css","\u002Fwp-content\u002Fplugins\u002Fblock-referer-spam\u002Fadmin\u002Fcss\u002F_sidebar.css",[],[213,215],[221,222,223,224,225],"block-referer-spam\u002Fadmin\u002Fjs\u002Fdashboard.js?ver=","block-referer-spam\u002Fadmin\u002Fcss\u002Fdashboard.css?ver=","block-referer-spam\u002Fadmin\u002Fjs\u002Fblocked-list.js?ver=","block-referer-spam\u002Fadmin\u002Fcss\u002Fblocked-list.css?ver=","block-referer-spam\u002Fadmin\u002Fcss\u002F_sidebar.css?ver=",{"cssClasses":227,"htmlComments":229,"htmlAttributes":230,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":236},[228],"ref-block-list",[],[231,232],"ref-spam-pro-key","ref-spam-pro-active",[],[235],"window.refSpamBlocker",[]]